IBM, AIX, EtherJet, Netfinity, OS/2, PowerPC, PS/2, S/390, and ThinkPad are trademarks
of International Business Machines Corporation in the United States, other countries, or
both.

IEEE, POSIX, and 802 are registered trademarks of Institute of Electrical and
Electronics Engineers, Inc. in the United States.

Intel, Celeron, EtherExpress, i386, i486, Itanium, Pentium, and Xeon are trademarks or
registered trademarks of Intel Corporation or its subsidiaries in the United States and
other countries.

Sparc, Sparc64, SPARCEngine, and UltraSPARC are trademarks of SPARC International, Inc.
in the United States and other countries. Products bearing SPARC trademarks are based
upon architecture developed by Sun Microsystems, Inc.

Many of the designations used by manufacturers and sellers to distinguish their
products are claimed as trademarks. Where those designations appear in this document, and
the FreeBSD Project was aware of the trademark claim, the designations have been followed
by the “™” or the “®” symbol.

The release notes for FreeBSD 6.1-RELEASE contain a summary of the changes made to the
FreeBSD base system on the 6.1-STABLE development line. This document lists applicable
security advisories that were issued since the last release, as well as significant
changes to the FreeBSD kernel and userland. Some brief remarks on upgrading are also
presented.

This document contains the release notes for FreeBSD 6.1-RELEASE on the NEC PC-98x1
hardware platform. It describes recently added, changed, or deleted features of FreeBSD.
It also provides some notes on upgrading from previous versions of FreeBSD.

All users are encouraged to consult the release errata before installing FreeBSD. The
errata document is updated with “late-breaking” information discovered late
in the release cycle or after the release. Typically, it contains information on known
bugs, security advisories, and corrections to documentation. An up-to-date copy of the
errata for FreeBSD 6.1-RELEASE can be found on the FreeBSD Web site.

This section describes the most user-visible new or changed features in FreeBSD since
6.0-RELEASE.

Typical release note items document recent security advisories issued after
6.0-RELEASE, new drivers or hardware support, new commands or options, major bug fixes,
or contributed software upgrades. They may also list changes to major ports/packages or
release engineering practices. Clearly the release notes cannot list every single change
made to FreeBSD between releases; this document focuses primarily on security advisories,
user-visible changes, and major architectural improvements.

A temporary file vulnerability in texindex(1),
which could allow a local attacker to overwrite files in the context of a user running
the texindex(1)
utility, has been fixed. For more details see security advisory FreeBSD-SA-06:01.texindex.

A temporary file vulnerability in the ee(1) text editor,
which could allow a local attacker to overwrite files in the context of a user running ee(1), has been
fixed. For more details see security advisory FreeBSD-SA-06:02.ee.

An error in ipfw(4) IP
fragment handling, which could cause a crash, has been fixed. For more details see
security advisory FreeBSD-SA-06:04.ipfw.

A potential buffer overflow in the IEEE 802.11 scanning code has been corrected. For
more details see security advisory FreeBSD-SA-06:05.80211.

Two instances in which portions of kernel memory could be disclosed to users have been
fixed. For more details see security advisory FreeBSD-SA-06:06.kmem.

A logic bug in the IP fragment handling in pf(4), which could
cause a crash under certain circumstances, has been fixed. For more details see security
advisory FreeBSD-SA-06:07.pf.

A logic bug in the NFS server code, which could cause a crash when the server received
a message with a zero-length payload, has been fixed. For more details see security
advisory FreeBSD-SA-06:10.nfs.

A programming error in the fast_ipsec(4)
implementation, which resulted in the sequence number associated with a Security
Association not being updated and allowed packets to unconditionally pass sequence number
verification checks, has been fixed. For more details see security advisory FreeBSD-SA-06:11.ipsec.
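The following added example (not FreeBSD's fast_ipsec(4) code and not part of the original release notes) shows why the receiver must update per-SA sequence state: it implements a simplified anti-replay window in the style of RFC 4303 and compares a receiver that records accepted sequence numbers with one that never does. The structure, function names, 32-packet window, and packet sequence are all assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>

#define WINDOW 32u          /* assumed window size for this sketch */
struct sa_replay {          /* hypothetical per-SA receive state */
    uint32_t last_seq;      /* highest sequence number accepted */
    uint32_t bitmap;        /* bit i set: (last_seq - i) already seen */
};

/* 1 if seq is fresh, 0 if it is a replay or older than the window. */
static int replay_check(const struct sa_replay *sa, uint32_t seq)
{
    if (seq == 0) return 0;
    if (seq > sa->last_seq) return 1;
    uint32_t diff = sa->last_seq - seq;
    return diff < WINDOW && (sa->bitmap & (1u << diff)) == 0;
}

/* Record seq once the packet has passed integrity verification. */
static void replay_update(struct sa_replay *sa, uint32_t seq)
{
    if (seq > sa->last_seq) {
        uint32_t shift = seq - sa->last_seq;
        sa->bitmap = (shift >= WINDOW ? 0 : sa->bitmap << shift) | 1u;
        sa->last_seq = seq;
    } else {
        sa->bitmap |= 1u << (sa->last_seq - seq);
    }
}

/* Count accepted packets; do_update = 0 models state never updated. */
int accepted_count(const uint32_t *seqs, int n, int do_update)
{
    struct sa_replay sa = {0, 0};
    int ok = 0;
    for (int i = 0; i < n; i++) {
        if (!replay_check(&sa, seqs[i])) continue;
        ok++;
        if (do_update) replay_update(&sa, seqs[i]);
    }
    return ok;
}

int main(void)
{
    const uint32_t seqs[] = {1, 2, 3, 2, 3, 1, 4};  /* constructed input */
    printf("with update: %d\n", accepted_count(seqs, 7, 1));
    printf("without update: %d\n", accepted_count(seqs, 7, 0));
}
```

With the update step, the three repeated sequence numbers in the constructed input are rejected; without it, every packet passes the check.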

A logic bug that could cause opiepasswd(1) to
allow an unprivileged user to configure OPIE authentication for the root user under
certain circumstances, has been fixed. For more details see security advisory FreeBSD-SA-06:12.opie.

An asynchronous signal handling vulnerability in sendmail(8),
which could allow a remote attacker to execute arbitrary code with the privileges of the
user running sendmail, typically root, has been fixed. For more
details see security advisory FreeBSD-SA-06:13.sendmail.

The ddb(4) debugger
now supports the show lock command. If the argument has a valid
lock class, this displays various information about the lock and calls a new function
pointer in lock_class (lc_ddb_show) to dump class-specific information about the lock as
well (such as the owner of a mutex or xlock'ed sx lock).

DEFAULTS kernel configuration files for each platform have
been added.

The firmware(9)
subsystem has been added. This allows binary data to be loaded into the kernel via a
specially crafted module.

A new sysctl variable security.mac.biba.interfaces_equal,
which makes all network interfaces be created with the label biba/equal(equal-equal), has been added. This is useful where
programs such as dhclient(8) and
ppp(8), which
initialize network interfaces, do not have any labeling support. This variable is set to
0 (disabled) by default.

The ce(4) driver, which
supports Cronyx Tau-PCI/32 adapters, has been added.

The kbdmux(4) driver
has been integrated into syscons(4) and
the kbd device driver. By default syscons(4) will
look for the kbdmux(4)
keyboard first, and then, if not found, look for any keyboard. Switching to kbdmux(4) can be
done at boot time by loading the kbdmux kernel module via loader(8), or at
runtime via kldload(8) and
releasing the active keyboard.

The sound(4) driver
has been updated in various respects, including fixes for lock-related bugs that could
cause system panics in previous releases and some performance improvements. This driver
also now supports a wider range of sampling rates, a choice of multiple precisions, and
24/32-bit PCM format conversion.

The snd_atiixp(4)
driver has been added. This supports ATI IXP 200/300/400 series audio controllers.

The em(4) driver now
supports big-endian architectures such as sparc64.

The le(4) driver, which
supports AMD Am7900 LANCE and Am79C9xx PCnet NICs and is based on NetBSD's
implementation, has been added. While the lnc(4) driver
also supports these NICs, this driver has several advantages over it such as MPSAFE,
ALTQ, VLAN_MTU, ifmedia, and 32-bit DMA for PCI variants.

The arp(8)
retransmission algorithm has been rewritten so that ARP requests are retransmitted
without suppression while there is demand for the ARP entry. Due to this change, the
sysctl variable net.link.ether.inet.host_down_time has been
removed.

arp(8) now
supports a sysctl variable net.link.ether.inet.log_arp_permanent_modify to suppress logging
of attempts to modify permanent ARP entries.

The if_bridge(4)
bridge driver now supports creating span ports, which transmit a copy of every frame
received by the bridge. This feature can be enabled by using ifconfig(8).

The if_bridge(4)
bridge driver now supports RFC 3378 EtherIP. This change makes it possible to add gif(4)
interfaces to bridges, which will then send and receive IP protocol 97 packets. Packets
are Ethernet frames with an EtherIP header prepended.

The ipfw(4) IP
packet filter now supports IPv6. The ip6fw(8) packet
filter is deprecated and will be removed in future releases.

ipfw(4) now
supports substitution of the action argument with the value obtained from a table lookup,
which allows some optimization of rulesets. This is currently applicable only to pipe,
queue, divert, tee, netgraph, and ngtee rules. For example, the
following rules will throw different packets to different pipes:

Path MTU discovery for multicast packets in the FreeBSD ip6(4) stack has
been disabled by default, because path MTU notifications from a large number of routers
for multicast traffic can act as a kind of distributed Denial-of-Service attack against a
router. This feature can be re-enabled by using a new sysctl variable net.inet6.ip6.mcast_pmtu.

The TCP bandwidth-delay product limiting feature has been disabled when the RTT is
below a certain threshold. This optimization does not make sense on a LAN as it has
trouble figuring out the maximal bandwidth due to the coarse tick granularity. A new
sysctl variable net.inet.tcp.inflight.rttthresh specifies
the threshold in milliseconds below which this feature will disengage. It defaults to
10ms.

The performance of the amr(4) driver
has been improved, and it now supports full 64-bit DMA. While this feature
is enabled by default, it can be forced off by setting the hw.amr.force_sg32 loader tunable for debugging purposes.

The ata(4) driver
now supports a workaround for some controllers whose DMA does not work properly in 48-bit
mode. For the suspect controllers, PIO mode will be used for access to areas beyond
137GB.

The ata(4) driver
now supports the ITE IT8211F IDE controller, and the Promise PDC40718 and PDC40719 chips
found in the Promise Fasttrak TX4300.

The ata(4) driver
now supports DMA for kernel crash dumps and crash dumping to ataraid(4)
devices.

The GEOM_MIRROR class now supports kernel crash dumps to
GEOM providers.

The GEOM_MIRROR and GEOM_RAID3
classes now support sysctl variables kern.geom.mirror.disconnect_on_failure and kern.geom.graid3.disconnect_on_failure to control whether failed
components will be disconnected or not. The default value is 1,
which preserves the current behavior; if it is set to 0, such
components are not disconnected and the kernel will still try to use them (only the first
error will be logged). This is helpful when multiple components are broken in
different places, so that all data is actually still available. The broken components will be
visible in gmirror list or graid3 list
output with the flag BROKEN.

The GEOM_MIRROR and GEOM_RAID3
classes now use parallel I/O requests for synchronization to improve performance. New
sysctl variables kern.geom.mirror.sync_requests and kern.geom.raid3.sync_requests define how many parallel I/O
requests should be used. Also, the sysctl variables kern.geom.mirror.reqs_per_sync, kern.geom.mirror.syncs_per_sec, kern.geom.raid3.reqs_per_sync, and kern.geom.raid3.syncs_per_sec are deprecated and have been
removed.

A new GEOM class, GEOM_ZERO, has been added. It creates a very
large provider (41PB), /dev/gzero, and is mainly intended for performance
testing. On a BIO_READ request it zero-fills bio_data, and on BIO_WRITE it does
nothing.

The twa(4) driver
has been updated to the 9.3.0.1 release on the 3ware Web site.

geli(8) now
supports loading keyfiles before the root file system is mounted. For example, the following
entries can be used in /boot/loader.conf to enable it:

The bsnmpd(1)
utility now supports the Host Resources MIB described in RFC 2790.

The config(8)
utility now supports the nocpu directive, which cancels the
effect of a previous cpu directive.

The config(8)
utility now reads the DEFAULTS kernel configuration file, if it
exists in the current directory, before the specified configuration file.

The csh(1) utility
now supports NLS catalogs. Note that this requires installing the shells/tcsh_nls port.

The devd(8) utility
now supports a -f option to specify a configuration file.

The ln(1) utility now
supports an -F flag, which allows existing empty
directories to be deleted when creating symbolic links.

The locate(1)
utility now supports a -0 flag to make this utility
interoperable with xargs(1)'s -0 flag.

The ls(1) utility now
supports an -I flag to disable the automatic -A flag for the superuser.

The ftpd(8) utility
now creates a PID file /var/run/ftpd.pid even when no -p option is specified.

The getfacl(1)
utility now supports a -q flag to suppress the per-file
header comment listing the file name, owner, and group.

The gvinum(8)
utility now supports commands to rename objects and to move a subdisk from one drive to
another.

The jail(8) utility
supports a -J jid_file
option to write out a JidFile, similar to a PidFile, containing the jailid, path,
hostname, IP and the command used to start the jail.

The kdump(1) utility
now supports a -H flag, which causes kdump to print an
additional field holding the threadid.

The kdump(1) program
now supports a -s flag to suppress the display of I/O
data.

The mergemaster(8)
utility now supports an -A option to explicitly specify an
architecture to pass through to the underlying makefiles.

The moused(8) daemon
now supports an -H flag to enable horizontal virtual
scrolling similar to a -V flag for vertical virtual
scrolling.

The netstat(1)
utility now supports printing ipsec(4)
protocol statistics if the kernel was compiled with FAST_IPSEC
rather than the KAME IPSEC stack. Note that the output of netstat -s
-p ipsec differs depending on which stack is compiled into the kernel since they
each keep different statistics.

The bluetooth script has been added. This script will be
called from devd(8) in
response to device attachment/detachment events, and can be used to stop/start a
particular device without unplugging it by hand. The configuration parameters are in /etc/defaults/bluetooth.device.conf, and can be overridden by using
/etc/bluetooth/$device.conf
(where $device is ubt0,
btcc0, and so on). For more details, see bluetooth.conf(5).

The hcsecd and sdpd scripts have
been added for the hcsecd(8) and sdpd(8) daemons.
These daemons can run even if no Bluetooth devices are attached to the system, but both
daemons depend on the Bluetooth socket layer and are thus disabled by default. The
Bluetooth socket layer must be either loaded as a module or compiled into the kernel
before the daemons can run.

The pkg_add(1)
command now supports a -P flag, which is the same as the
-p flag except that the given prefix is also used recursively
for the dependency packages, if any.

The pkg_add(1) and
pkg_create(1)
utilities now support a -K flag to save packages to the
current directory (or PKGDIR if defined) by default.

The pkg_create(1)
program now supports an -x flag to support basic regular
expressions for package name, an -E flag for extended regular
expressions, and a -G flag for exact matching.

The pkg_version(1)
utility now supports an -o flag to show the origin recorded
on package generation instead of the package name, and an -O
flag to list packages whose registered origin is origin only.

The portsnap(8)
utility (sysutils/portsnap) has been added into the FreeBSD
base system. This is a secure, easy to use, fast, lightweight, and generally good way for
users to keep their ports trees up to date.

Incorrect handling of HTTP_PROXY_AUTH in the portsnap(8)
utility has been fixed.

The startup scripts from the local_startup directory are now
evaluated by using rcorder(8) with
scripts in the base system.

The suffix of startup scripts from the Ports Collection has been removed. This means
foo.sh is renamed to foo, and now
scripts whose name is something like foo.ORG will also be
invoked. It is recommended that you reinstall packages which install such scripts and remove
extra files in the local_startup directory.

New rc.conf variables, ldconfig_local_dirs and ldconfig_local32_dirs, have been added. These hold lists of local
ldconfig(8)
directories.

The @cwd command in pkg-plist now
allows no directory argument. If no directory argument is given, it will set current
working directory to the first prefix given by the @cwd
command.

Source upgrades to FreeBSD 6.1-RELEASE are only supported from FreeBSD 5.3-RELEASE or
later. Users of older systems wanting to upgrade to 6.1-RELEASE will need to update to
FreeBSD 5.3 or newer first, then to FreeBSD 6.1-RELEASE.

Important: Upgrading FreeBSD should, of course, only be attempted after backing
up all data and configuration files.